
Login form not working? sha1 problem?

I don't know what exactly the problem is here, but I'm using XAMPP to run these scripts... it connects to the server, inputs the information just fine into the database with the registration script and everything works fine in these PHP codes except that after I run this PHP code to register:

I used this code to enable logins but it keeps coming back with "The information your provided is not correct" when I try to log in.. I used the same information logging in as I did to register... not sure what's wrong

Also, do you realize that Bill O'Reilly, Billy Bob Thornton, and Chris Evert-Lloyd would (silently) have their names changed to Bill OReilly, BillyBob Thornton, and Chris EvertLloyd when entered into your database? Is that really desirable/needed?

Oh, I'm kind of new to PHP, I did this by watching a tutorial video... and everything works fine except it won't recognize my username and password after I 'register' and I 'login'... what am I missing besides SESSION_START()?

So when you say it's not working, what are the exact symptoms? Are you getting the "The information your provided is not correct" message, or is it something else? For debugging purposes, it's often useful to output the actual query being used, e.g.:

PHP Code:

}else{
    //secure data
    $email = mysql_real_escape_string($email);
    $pass = sha1($pass);
    // put the query into a variable first:
    $sql = "SELECT * FROM members WHERE email='$email' AND password='$pass' LIMIT 1";
    $query = mysql_query($sql) or die ('Could not check.');
    $count_query = mysql_num_rows($query);
    if ($count_query == 0){
        $message = "The information your provided is not correct";
        // debug only, delete this or change to error_log() later:
        die("<pre>$sql</pre>"); // now we can see what we sent to the DB
        // end debug
    }else{

Me thinks NogDog, he is missing two or possibly three things: the mysql_real_escape_string() from his query to make ready the query string and not the $email variable string; instead he is prepping the strings and not the actual query string. Also the curly braces {} from the string that he is using and, depending on the server settings, he may need back ticks for the field names.

Not this

PHP Code:

$email = mysql_real_escape_string($email);
$pass = sha1($pass);
// put the query into a variable first:
$sql = "SELECT * FROM members WHERE email='$email' AND password='$pass' LIMIT 1";

but this

PHP Code:

$pass = sha1($pass);
// put the query into a variable first:
$sql = mysql_real_escape_string("SELECT * FROM members WHERE email='{$email}' AND password='{$pass}' LIMIT 1");
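
What each placement of the escaping call sends to the database, plus a prepared-statement version, as an added example that is not part of any post in this thread. It assumes PHP with the pdo_sqlite extension; the in-memory table, the account, and the use of PDO::quote() in place of mysql_real_escape_string() are constructed for the illustration.

```php
<?php
// Added example: constructed table and account, SQLite in memory via PDO
// (an assumption; the thread's scripts use the old mysql_* functions).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT, password TEXT)");

// Constructed account; the apostrophe is kept rather than stripped.
$email = "bill.o'reilly@example.com";
$pass  = sha1('correct horse'); // sha1() only because the thread's scripts use it

// Registration with bound parameters: the value is stored byte for byte.
$pdo->prepare("INSERT INTO members (email, password) VALUES (?, ?)")
    ->execute([$email, $pass]);

// 1) Escape each value, then build the query (the "not this" snippet).
//    PDO::quote() stands in for mysql_real_escape_string() and also adds
//    the surrounding quotes, so none are written by hand here.
$sql = "SELECT * FROM members WHERE email=" . $pdo->quote($email)
     . " AND password=" . $pdo->quote($pass) . " LIMIT 1";
$rows = $pdo->query($sql)->fetchAll();
echo "values escaped:      ", count($rows), " row(s)\n";

// 2) Escape the finished query string (the "but this" snippet).
//    The quotes that delimit the values are escaped along with everything
//    else, so the database no longer receives a SELECT statement.
$whole = $pdo->quote("SELECT * FROM members WHERE email='{$email}' AND password='{$pass}' LIMIT 1");
try {
    $pdo->query($whole);
    echo "whole query escaped: ran\n";
} catch (PDOException $e) {
    echo "whole query escaped: rejected by the database\n";
}

// 3) Prepared statement: no escaping call, values travel separately.
$stmt = $pdo->prepare("SELECT * FROM members WHERE email = ? AND password = ? LIMIT 1");
$stmt->execute([$email, $pass]);
echo "prepared statement:  ", count($stmt->fetchAll()), " row(s)\n";
```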

Still no responses? I took another look at the code and thought that maybe when the browser navigates to home.php it is automatically rerouting to index.php because for some weird reason $logged is set to 0, but I don't see why that would be the case. Help?

Why do you need to create and test a variable for if a person is logged in? It would be simpler to just initialize a session on each page, check for a user session existing and have done with that rather than tracking variables that may or may not have been set.

// we have a session set, so we must be logged in... so verify that the login is real
$query = mysql_query(sprintf(
    "SELECT * FROM members WHERE id='%s' AND password='%s' LIMIT 1;--",
    mysql_real_escape_string($_SESSION['id']),
    mysql_real_escape_string($_SESSION['pass'])
));

The above is an example of cutting away all the clutter; you have too much clutter and IMHO the above example would be a better way of tackling the login issue. As for the rest of your scripts, my advice is to take the scripts back to the bare bones.

I should add that cutting down on code should have one exception and that is the $_FILES, $_POST and $_GET inputs; these are hack points that require these inputs to be sanitized into safe variables that are then used in place of them.

When sanitizing, I chose to call my inputs $safe_POST['inputname']; an example in your script would be...

PHP Code:

// use a whitelist to control what inputs are acceptable
$whitelist = array("email","pass","remember");

I tried what you said and added that script to the beginning of each page, but whenever I try to load any of the pages, it just gets stuck in a redirect loop and doesn't load anything... I think I may just have to find some good PHP tutorial videos and go back from the very basics and maybe I'll find out why things aren't working

You need to look at what scripts are "Including" other scripts and the examples I give are for example, they are not a working result. You would need to take the principle and work with your existing program structure.